It's recommended to use a recent snapshot of the '''allpatches''' branch in the [[Monotone Repository|GRUB2 monotone repository]]

+

It's recommended to use a recent snapshot of the '''allpatches''' branch in the [[Monotone Repository|GRUB2 monotone repository]]. A snapshot is available at http://coresystems.de/~patrick/coreboot.org-grub2-20080731.tar.bz2

−

(you can also just download http://coreboot.org/viewmtn/branch/head/tar/org.coreboot.grub2.allpatches - which resolves to the latest revision on that branch; the top level directory in the resulting tarball represents the revision ID, which is a SHA-1 value over revision data, and thus varies wildly).

Status

There is currently no significant work going on in our GRUB2 repository, not even synchronization to the upstream repository. If you require the additional features of our branch below, go ahead. Otherwise, upstream might serve you better. Or not. If you want to help out or report bugs for our branch, see How to help and report bugs

in the .usb branch, provides an uhci driver and usb storage support. highly experimental at this time

Building a diskimage

If you are using coreboot v2, the firmware image is not a LAR archive, as in coreboot v3. If you want to place files in the coreboot+grub2 image, you can still create a diskimage and include it in your payload.

create a lar/cpio/tar file (cpio must be gnu cpio. files created by other cpios might not be compatible)

add -m lar/cpio-file to your grub-mkimage command line

Per default GRUB2 looks for a configuration file grub.cfg in the disk image. The path is

(memdisk)/grub.cfg

Checking Signatures

Currently the tools for crypto signature verification are not built automatically. To build them, run

$ cd libs/sigtools
$ make

Using sigtools

Create a key pair filename.pub and filename.sec with

$ genkeypair filename

Create a signature of candidate using keyfile.sec and save it as candidate.sig:

$ gensig keyfile candidate

Verification in GRUB2

Load /key.pub as public key and block access to all unsigned files with

$ load-pubkey /key.pub

Verify foo using the signature foo.sig, reporting success or failure and grant access to the file foo with:

Hints and Tricks

Loading grub.cfg from disk

It is suggested that grub.cfg is contained in a memdisk/lar image. This grub.cfg can be used to load other configuration files from any mass storage media. If you want to load a grub.cfg from the first device that contains one, your in-flash grub.cfg can look like this: